2018-19 Standards for NHS Providers

2018-19 Standards for NHS Providers

2018-19 Standards for NHS Providers

OFFICIAL NHS fraud. Spot it. Report it. Together we stop it. Standards for NHS Providers 2018-19 Fraud, bribery and corruption February 2018 Version 1.0

OFFICIAL Standards for NHS bodies 2018-19 - Version control Version Name Date Comment 1.0 First edition Feb 2018 NA

1 Introduction . . 5 2 The NHS Standard Contract . . 6 3 Overview of the standards . . 7 Introduction . 7 Counter fraud standards . 7 4 The quality assurance programme . . 8 Overview . 8 Counter fraud, bribery and corruption quality assurance programme .

9 Annual report . 9 Self review tool . 10 Assessments . 10 Full assessment . 11 Focused assessment . 11 Thematic assessment . 12 Assessment process . 13 Performance ratings . 14 Identifying and mitigating risks . 16 Risk . 16 Objective . 16 Task . 16 Outputs . 16 Outcomes . 16 Weightings . 17 Reasonable expectations . 17 Feedback . 17 5 Standards . . 18 Key Principle 1: Strategic Governance . 18 Standard 1.1 . 18 Standard 1.2 . 20 Standard 1.3 . 22 Standard 1.4 . 24 Standard 1.5 . 26 Standard 1.6 . 28 Standard 1.7 . 30 Key Principle 2: Inform and Involve . 32 Standard 2.1 . 32 Standard 2.2 .

35 Standard 2.3 . 37 Standard 2.4 . 39 Key Principle 3: Prevent and Deter . 42 Standard 3.1 . 42 Standard 3.2 . 44 Standard 3.3 . 46 Standard 3.4 . 48 Standard 3.5 . 50

Standard 3.6 . 53 Key Principle 4: Hold to Account . 55 Standard 4.1 . 55 Standard 4.2 . 57 Standard 4.3 . 59 Standard 4.4 . 61 Standard 4.5 . 63 Standard 4.6 . 65 6 Appendices . . 67 Appendix 1 - QA programme - Reasonable expectations of the parties . 67 Appendix 2 – The counter fraud assurance programme . 68 Appendix 3 – Summary of changes for 2018-19 . 69

OFFICIAL Standards for NHS Providers 2018-19 - Introduction - Page 5 of 69 1 Introduction 1.1 This document aims to provide information to providers of NHS services on the counter fraud clauses in the NHS Standard Contract 2017/20191 , and explain what providers need to do to comply with them.

1.2 The NHS Counter Fraud Authority (NHSCFA) is a new Special Health Authority, established on 1 November 2017 and charged with identifying, investigating and preventing fraud within the NHS and the wider health group. The legislation which created the NHSCFA transferred all functions and powers from NHS Protect to the NHSCFA. The NHSCFA is independent from other NHS bodies and is directly accountable to the Department of Health and Social Care. 1.3 For more information please visit the NHSCFA website at https://cfa.nhs.uk. 1.4 The term ‘fraud’ above in 1.2 refers to a range of economic crimes, such as fraud, bribery and corruption or any other illegal acts committed by an individual or group of individuals to obtain a financial or professional gain.

1.5 The NHSCFA has five high-level organisational aims. These are:  Deliver the Department of Health and Social Care strategy, vision and strategic plan and lead counter fraud activity in the NHS in England.  Be the single expert intelligence led organisation providing a centralised investigation capacity for complex economic crime matters in the NHS.  Lead and influence the improvement of standards in counter fraud work across the NHS.

 Take the lead in and encourage fraud reporting across the NHS and wider health group.  Continue to develop the expertise of staff working for the NHSCFA. 1.6 The NHS Standard Contract includes mandatory clauses that require providers of NHS services to put in place and maintain appropriate counter fraud arrangements in Chapter 2. 1.7 An overview of the standards is provided in Chapter 3. 1.8 Chapter 4 provides an overview of the quality assurance programme. 1.9 Finally, Chapter 5 provides a detailed explanation for each of the standards, giving an indication of what the organisation needs to do to comply with the standard.

1 NHS Standard Contract updated January 2018.

OFFICIAL Standards for NHS Providers 2018-19 - The NHS Standard Contract - Page 6 of 69 2 The NHS Standard Contract 2.1 The NHS Standard Contract published by NHS England, should be used by Clinical Commissioning Groups (CCGs) and NHS England when commissioning NHS funded services including acute, ambulance, care home, community- based, high secure and mental health and learning disability services. CCGs must also use the NHS Standard Contract for all community-based services provided by GPs, pharmacies and optometrists that have been previously commissioned as Local Enhanced Services.

2.2 The counter fraud clauses are set out in Service Condition 24 and place the follow obligations on providers of NHS services:  Service Condition 24.1 requires all providers to put in place and maintain appropriate counter fraud arrangements, having regard to the NHSCFA’s standards.  Service Condition 24.2 requires those relevant providers which are licensed2 by Monitor3 , and NHS Trusts, to take the necessary action to meet the standards set by the NHSCFA.  Service Condition 24.3 requires the provider to allow, if requested by the co-ordinating commissioner or the NHSCFA, a person duly authorised to act on behalf of the NHSCFA or on behalf of any commissioner to review, in line with the appropriate standards, and counter fraud arrangements put in place by the provider.

 Service Condition 24.4 requires the provider to implement any modifications to its counter fraud arrangements required by a person referred to in Service Condition 24.3 within such timescales as that person may reasonably require.  Service Condition 24.5 requires the provider to report any suspected fraud or corruption involving a service user or NHS funds to the LCFS of the relevant NHS body and the NHSCFA.  Service Condition 24.6 requires the provider, on the request of the Department of Health and Social Care, NHS England, the NHSCFA or the co-ordinating commissioner, to ensure that the NHSCFA or any LCFS appointed by a commissioner is given access within five operational days to property, premises, information and staff for the purpose of detecting and investigating cases of fraud and corruption incidents and breaches.

2.3 The standards referenced in Service Condition 24.2 are explained in Chapter 5. 2 A licence granted by NHS Improvement under section 87 of the Health and Social Care Act 2012. 3 NHS Improvement has brought together two distinct legal entities: Monitor, a non-departmental public body and the NHS Trust Development Authority, a special health authority, under a single leadership and operating model. Both organisations continue to maintain their current legal underpinnings as two separate bodies. Monitor is a corporate body provided by section 61 of the Health and Social Care Act 2012.

OFFICIAL Standards for NHS Providers 2018-19 - Overview of the standards - Page 7 of 69 3 Overview of the standards Introduction 3.1 The NHSCFA is committed to ensuring NHS resources are appropriately protected from fraud, bribery and corruption and has developed a series of counter fraud standards for providers of NHS services.

3.2 Providers should ensure that NHS funds and resources are safeguarded against those minded to commit fraud, bribery or corruption. Failure to do so impacts on a provider’s ability to deliver services and treatment, as NHS funds and resources are wrongfully diverted from patient care.

Counter fraud standards 3.3 The standards in this document have been developed to support NHS providers in implementing appropriate measures to counter fraud, bribery and corruption. Having appropriate measures in place helps to protect NHS resources against fraud, bribery and corruption and ensures they are used for their intended purpose, the delivery of patient care. It is the responsibility of the organisation as a whole to ensure it meets the required standards. However, one or more departments or individuals may be responsible for implementing a specific standard. The key departments or individuals likely to be involved in helping the organisation meet the fraud, bribery and corruption standards are finance, internal and external audit, risk, communications and human resources.

3.4 The fraud, bribery and corruption standards are set out in detail in Chapter 5 of this document and there are four key sections that follow the NHSCFA’s strategy: 3.5 Key Principle 1: Strategic Governance. This section sets out the standards in relation to the organisation’s strategic governance arrangements. The aim is to ensure that counter fraud measures are embedded at all levels across the organisation. (Chapter 5, Standards 1.1 – 1.7) 3.6 Key Principle 2: Inform and Involve. This section sets out the requirements in relation to raising awareness of crime risks against the NHS and working with NHS staff, stakeholders and the public to highlight the risks and consequences of fraud and bribery affecting the NHS.

(Chapter 5, Standards 2.1 – 2.4) 3.7 Key Principle 3: Prevent and Deter. This section sets out the requirements in relation to discouraging individuals who may be tempted to commit fraud against the NHS and ensuring that opportunities for fraud to occur are minimised. (Chapter 5, Standards 3.1 – 3.6) 3.8 Key Principle 4: Hold to Account. This section sets out the requirements in relation to detecting and investigating economic crime, obtaining sanctions and seeking redress. (Chapter 5, Standards 4.1 – 4.6)

OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 8 of 69 4 The quality assurance programme Overview 4.1 The NHSCFA mission is to lead the fight against fraud affecting the NHS and wider health service, and protect vital resources intended for patient care. Its vision is for an NHS which can protect its valuable resources from fraud. Its purpose is to lead the NHS in protecting its resources by using intelligence to understand the nature of fraud risks, investigate serious and complex fraud, reduce its impact and drive improvements.

4.2 The NHS counter fraud quality assurance programme will drive these improvements by ensuring that quality requirements are fulfilled.

This will be done through systematic measurement, comparison with standards, monitoring of processes and a continuous loop of feedback. 4.3 Using the counter fraud, bribery and corruption standards set out in this document, the NHSCFA will support organisations through regular benchmarking, compliance testing, evaluation of effectiveness and value for money indicators. The quality assurance programme also enables the analysis of trends and patterns in performance in relation to each standard for each organisation type. This will assist in providing comprehensive and focused support to organisations.

4.4 Additionally, the NHSCFA will provide robust assurance to stakeholders, including participating organisations, NHS England and the Department of Health and Social Care (DHSC). Using our strong links with regulators such as the Care Quality Commission (CQC) and NHS Improvement, we will share information about the standards of counter fraud work to eliminate duplication of effort for providers. 4.5 Quality assurance of counter fraud work has been shown to drive up standards and the NHSCFA has developed a flexible, responsive and transparent process which will be provided through monitored action plans.

This will ensure that the counter fraud work carried out mitigates both national and local identified risks. 4.6 This section provides guidance on the quality assurance programme and should be used in conjunction with other relevant instructions and guidance that have been issued to support counter fraud work.

4.7 These documents include:  The NHS Standard Contract  NHSCFA standards for providers - fraud, bribery and corruption (as outlined in chapters 3 and 5)  NHS Counter Fraud Manual4  CIPFA Code of Practice on Managing the Risk of Fraud and Corruption. 4 Access to secure NHSCFA Extranet is required via N3 to access this resource.

OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 9 of 69 4.8 This list is not exhaustive and additional guidance can always be sought from the NHSCFA if required. Counter fraud, bribery and corruption quality assurance programme 4.9 The NHSCFA quality assurance programme comprises of two main processes: assurance and assessment.

Both are closely linked to the counter fraud, bribery and corruption standards set out in this document. 4.10 The quality assurance process includes an annual self review against the standards, which is conducted by organisations and submitted to the NHSCFA. The assessment process is conducted by the NHSCFA’s Quality and Compliance team in partnership with the organisation. Annual report 4.11 The NHSCFA requires organisations to provide an annual statement of assurance against the counter fraud standards. This statement of assurance is provided through completion of the annual report and the Self Review Tool (SRT).

4.12 Standard 1.5 requires organisations to produce an annual report. To assist organisations with this, a template has been produced, which is available at NHSCFA Extranet5 . The template is not intended to stipulate either the format that should be used or specific text describing counter fraud, bribery and corruption activities. However, the following items must be included in the annual report:  the completed self review tool  a signed declaration using the wording as indicated in the annual report template  the days used to deliver counter fraud, bribery and corruption work  the cost of counter fraud, bribery and corruption work carried out during the year.

4.13 There is no requirement to send the annual report to the NHSCFA’s Quality and Compliance team, unless the organisation is selected for assessment and the annual report is requested as part of the evidence submitted. 4.14 Although the annual report may usually be completed by the nominated counter fraud, bribery and corruption specialist, it is crucial that sign-off is provided by an executive representative of the organisation to provide stakeholders with the correct level of assurance. The member of the executive board responsible for overseeing counter fraud, bribery and corruption work should sign off the annual report by completing and signing it as indicated on the guidance template.

This will provide participating organisations, NHS England and DHSC with assurance that the organisation complies with counter fraud, bribery and corruption standards in line with its contractual obligations. 5 Access to secure NHSCFA Extranet is required via N3 to access this resource.

OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 10 of 69 4.15 The Quality and Compliance team will select the organisations to be assessed along with the type of assessment that will be undertaken. While we cannot carry out assessments of all organisations every year, we will endeavour to cover organisations regularly. Under-representation in any of the groups relating to sector or type will need to be addressed to ensure that the fullest picture of the delivery of counter fraud, bribery and corruption work is obtained. Although we seek to provide organisations with some certainty about whether or not they will be assessed, sometimes new information is received which results in a triggered assessment.

However, we will give ample notice of any assessment we undertake.

Self review tool 4.16 The self review tool (SRT) enables the organisation to produce a summary of the counter fraud, bribery and corruption work conducted over the previous twelve months. Organisations are required to complete the SRT annually and return it to the NHSCFA by a specified deadline. The SRT also covers the key areas of activity outlined in the standards. 4.17 Upon completion, the SRT provides a red, amber or green (RAG) rating for each of the key areas and an overall RAG rating. Further details of the red, amber and green ratings are outlined in Performance Ratings (paragraph 4.41) onwards.

4.18 Organisations should use the SRT in conjunction with their work planning. They can use it to review the progress made against the work plan developed at the beginning of the year. The SRT can also assist them in identifying risk areas and formulating objectives and tasks as they develop the work plan for the following financial year. Organisations can also use the SRT to monitor their compliance with the requirements of the standards throughout the year. Assessments 4.19 The assessment process is a means of evaluating an organisation’s effectiveness in dealing with the fraud, bribery and corruption risks it faces.

The process covers all activity carried out in the two years before the date of the assessment. The process is designed to be flexible, transparent and responsive to locally and nationally identified fraud, bribery and corruption risks. Where required, the NHSCFA shall provide organisations with recommendations to support them in mitigating their risks.

4.20 If an organisation, in the judgement of the Quality and Compliance team, requires an assessment, one of four types of assessment will be conducted:  Full  Focused  Thematic  Triggered.

OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 11 of 69 Full assessment 4.21 A full assessment would normally be used when an organisation’s counter fraud arrangements are identified as at significant risk. Such an organisation may demonstrate some or all of the following areas of concern (the list is not exhaustive):  The RED, AMBER or GREEN rating provided in the SRT is not supported by the annual report or any comments made in the SRT.

 Counter fraud, bribery and corruption provision is lacking or inadequate.  There are recommendations from previous assessments that have not been addressed.

 There is no evidence of a risk-based approach to counter fraud, bribery and corruption work.  The organisation is new or has started to provide significant additional services, and no previous history of effective counter fraud, bribery or corruption work exists.  There are significant gaps in NHSCFA required activity across key areas of activity or NHSCFA priority areas.  Significant concerns are raised by another part of the NHSCFA.  The member of the executive board responsible for overseeing counter fraud, bribery and corruption work raises concerns regarding the quality of the local counter fraud, bribery and corruption service received.

 A regulator such as NHS Improvement or CQC raises concerns regarding the quality of the service received. 4.22 A full assessment is conducted on all the NHSCFA key areas of activity as outlined in the standards.

Focused assessment 4.23 A focused assessment is undertaken in cases where an organisation either demonstrates a risk in a specific area of counter fraud, bribery or corruption activity or has demonstrated effective practice in one or more areas. A focused assessment is conducted on one or at most two of the key areas of activity, for example Strategic Governance or Inform and Involve. 4.24 A focused assessment might be conducted with organisations demonstrating some or all of the following characteristics:  The RED, AMBER or GREEN rating provided in the SRT is not supported by the annual report or any comments made in the relevant section of the SRT.

 There is a lack of evidence of measurable outcomes from the work conducted to mitigate risk.  Significant concerns are raised by another part of the NHSCFA.  There are gaps in one or two of the key areas of activity, for example Hold to Account.

OFFICIAL Standards for NHS Providers 2018-19 - The quality assurance programme - Page 12 of 69 Thematic assessment 4.25 A thematic assessment applies to a number of organisations and may be conducted regionally or across organisations of a similar type. 4.26 Driven primarily by NHSCFA and DHSC priority areas, thematic assessments focus on compliance and the identification of effective practice, or on areas of concern identified by the Quality and Compliance team.

New NHSCFA guidance, after a reasonable period given for it to be embedded in organisations, may be followed up by a thematic assessment. 4.27 Thematic assessments are likely to focus on a fairly specific part of the standards, possibly only one standard rather than the whole of a key area. Triggered assessments 4.28 Some organisations will not be selected for a full, focused or thematic assessment when the annual assurance is received. However, at any stage during the year organisations may be selected for a triggered assessment. Triggered assessments are driven by emerging risks, normally of a serious nature, which may have come to the attention of the Quality and Compliance team through Senior Quality and Compliance Inspector (SQCI) liaison with other parts of the NHSCFA.

Reasons for a triggered assessment may include, but are not limited to, the following:  a significant and adverse change in counter fraud, bribery and corruption specialist provision  a significant ongoing failure to manage organisational counter fraud, bribery and corruption risks  an ongoing lack of engagement with the NHSCFA’s counter fraud strategy  a lack of positive and proactive engagement with NHSCFA staff over a significant period, with a failure to improve after this has been highlighted  an ongoing failure to action recommendations from NHSCFA assessments, in spite of support and assistance offered.

4.29 If the organisation is selected for a triggered assessment, this can be a focused or full assessment.

4.30 Following a full or focused assessment, whether triggered or not, the organisation is provided with a written report which provides advice and guidance on driving up the quality and value for money of its counter fraud, bribery and corruption work. The intended outcome is improved standards, measured by future self reviews and annual reports and assessments. 4.31 Other quality assurance and compliance activities, in addition to assessments, may also take place to support and develop counter fraud, bribery and corruption work within the organisation. These could include one-to-one meetings with key personnel, and meetings with audit committees.

4.32 The purpose of the counter fraud, bribery and corruption quality assurance programme is to be constructive and supportive. The assurance and assessment processes do not focus solely on non-compliance with the

You can also read